public async Task <Tuple <string, string> > ResetPinCode(string bookingRef)
{
AecUser user = await _userManager.FindByNameAsync(bookingRef);
if (null == user)
{
throw new NotFoundException();
}
if (!user.IsBooking)
{
throw new InvalidOperationException("This operation can only be used to reset the PIN code of a booking.");
}
string pinCode = _credentialsGenerator.GeneratePinCode();
var token = await _userManager.GeneratePasswordResetTokenAsync(user.Id);
IdentityResult result = await _userManager.ResetPasswordAsync(user.Id, token, pinCode);
if (result.Succeeded)
{
return(Tuple.Create(user.UserName, pinCode));
}
string message = string.Join(Environment.NewLine, result.Errors);
throw new InvalidOperationException(message);
}
public async Task ChangePassword(string userName, string currentPassword, string newPassword, bool forceReset)
{
AecUser user = await _userManager.FindByNameAsync(userName);
if (null == user)
{
throw new NotFoundException();
}
if (user.IsBooking)
{
throw new InvalidOperationException("This operation can't be used to change the PIN code of a booking.");
}
IdentityResult result;
if (forceReset)
{
var token = await _userManager.GeneratePasswordResetTokenAsync(user.Id);
result = await _userManager.ResetPasswordAsync(user.Id, token, newPassword);
}
else
{
result = await _userManager.ChangePasswordAsync(user.Id, currentPassword, newPassword);
}
if (!result.Succeeded)
{
string message = string.Join(Environment.NewLine, result.Errors);
throw new InvalidOperationException(message);
}
}
public async Task CreateUser(AecUser user)
{
IdentityResult result = await _userManager.CreateAsync(new AecUser { UserName = user.UserName }, user.Password);
if (!result.Succeeded)
{
string message = string.Join(Environment.NewLine, result.Errors);
throw new InvalidOperationException(message);
}
}
public async Task DeleteAsync(Booking booking)
{
AecUser user = await _userManager.FindByNameAsync(booking.Reference);
if (null != user && user.IsBooking)
{
await _userManager.DeleteAsync(user);
}
using (var db = DbUtil.Open())
await db.ExecuteAsync("delete from [Booking] where [Id] = @Id", new { Id = booking.Id });
}
public async Task <IHttpActionResult> Create(AecUser user)
{
try
{
await _usersController.CreateUser(user);
return(Ok());
}
catch (InvalidOperationException ex)
{
return(BadRequest(ex.Message));
}
catch (Exception ex)
{
_log.Error(ex, "An unexpected exception occurred while trying to create a user.");
throw;
}
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
AecUser user = await _userManager.FindAsync(context.UserName, context.Password);
if (null != user)
{
var identity = await _userManager.CreateIdentityAsync(user, context.Options.AuthenticationType);
if (!user.IsBooking)
{
identity.AddClaim(new Claim(ClaimTypes.Role, Roles.Admin));
}
context.Validated(identity);
}
else
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
}
}